1. Technical Field
The present invention relates in general to electronic data transfer security and in particular to defeating private key discovery attacks in a public key cryptography system. Still more particularly, the present invention relates to providing an authentication mechanism for accessing private keys utilized in decoding an encrypted data transfer.
2. Description of the Related Art
Security for electronic communications (e-mail, HTTP transactions, telephone communications, etc.) is essential for a variety of enterprises employing publicly shared or otherwise insecure communications channels, including Internet storefront businesses which wish to conduct electronic commerce. One of the most common techniques for providing the requisite security is encryption of data transfers utilizing a public key cryptography system (PKCS).
Public key cryptography encryption actually relies on a pair of keys: a public key and a private key. Public-key algorithms are designed so that the key used for encryption is different from the key used for decryption (i.e., the encryption algorithm is not symmetric) and so that the decryption key cannot be readily calculated from the encryption key. Thus, one key (typically, but not necessarily, the encryption key) may be published while the corresponding key is kept secret.
In PKCS systems, the public key is generally published to the party sending the message and utilized to encrypt the message by a one-way or irreversible encryption algorithm, resulting in an encrypted message which cannot be decrypted or deciphered utilizing the public key, but only by utilizing a corresponding private key known only to the intended recipient. The encrypted message is transmitted to the intended recipient, which utilizes the private key to decrypt the message.
A common implementation of PKCS, for example, employs Rivest-Shamir-Adleman (RSA) and Data Encryption Standard (DES) encryption. A message to be transferred is first encrypted by a one-way encryption algorithm with a random (or, more commonly, pseudo-random) DES key. The DES key is also encrypted utilizing the public key of the intended recipient, and both the encrypted message and the encrypted DES key are transmitted to the intended recipient. When the message and DES key arrive, the recipient employs the private key to decrypt the DES key, then decrypts the message using the newly-acquired DES key.
Encryption keys employed for public key cryptography are preferably random, or at least pseudo-random. Furthermore, larger encryption keys (i.e. 128 bits as opposed to 40 bits) provide greater security. As a result, private keys are not easily committed to memory by a user and instead are most commonly stored in nonvolatile storage by or for the owner, such as within a database containing public key/private key pairs.
By their nature, private keys must be protected, which means that the security of any public key cryptography system is limited by the security of the database containing private keys and by the security of the communications channel employed to retrieve information from the database. For instance, in a network computer environment where a number of users share a common user unit or "roam" among user units connected to a network, the private key database of a particular user may be maintained on the network, with private keys retrieved over the network. PKCS becomes useless if the private keys are readily available or easily intercepted in that or similar situations.
It would be desirable, therefore, to provide a mechanism for securing private keys for a public key cryptography system.
It is therefore one object of the present invention to provide an improved method and apparatus for providing electronic data transfer security.
It is another object of the present invention to provide a method and apparatus for defeating private key discovery attacks in a public key cryptography system.
It is yet another object of the present invention to provide an authentication mechanism for accessing private keys utilized in decoding an encrypted data transfer.
The foregoing objects are achieved as is now described. Private keys for a public key cryptography system (PKCS) are protected with the hashed value of a password known only to an authorized user. The overall security of the PKCS system is thus augmented beyond the security of private key storage and communication when decrypting a message by requiring a password to extract the private key. Strong one-way hash functions and password strength rules may additionally improve overall security. Upon receipt of a message encrypted with the public key, both the public key and the protected private key are retrieved from key storage. Interception of this transaction is useless since the protected private key alone cannot be utilized to decrypt the received message. The user is prompted for entry of a password, and the password is verified by extracting a potential private key from the protected private key utilizing the hashed password value, encrypting a well-known message with the public key, decrypting the encrypted well-known message utilizing the potential private key, and comparing the original and decrypted well-known messages. If they match, the password is verified, and the extracted private key is employed to decrypt the received message. Signature values based on the password and/or private key may be employed to change the password or add new public key/private key pairs to the key storage. Since the password and/or private key are included, the signature value changes each time, thus guarding against replay attacks.
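The following is an added illustration of the mechanism summarized above and is not code from the patent itself. It models the protected private key as the private exponent XORed with a keystream expanded from the SHA-256 hash of the password (the patent says only that the key is "protected with the hashed value of a password", so the exact combination is an assumption here), and verifies a candidate password exactly as the summary describes: encrypt a well-known message with the public key, decrypt it with the extracted candidate key, and compare. A textbook RSA keypair with small parameters stands in for the PKCS key storage; the prime generator, the well-known message and the password-change helper are constructed for this example and are not part of the original.

```python
import hashlib
import random
import secrets
from typing import Optional, Tuple

PublicKey = Tuple[int, int]  # (e, n)

# Toy textbook RSA, used only so the password-protection step can be run end to end.
# Real deployments use a padded scheme (e.g. RSA-OAEP) and a slow, salted password KDF.


def _is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin primality test (constructed helper for the example)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits: int = 512) -> Tuple[PublicKey, int]:
    """Return ((e, n), d): a toy RSA public key and private exponent."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (e, p * q), pow(e, -1, phi)


def _keystream(password: str, length: int) -> bytes:
    """Expand the hashed password into `length` bytes (assumed construction)."""
    h = hashlib.sha256(password.encode("utf-8")).digest()
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(h + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def protect_private_key(d: int, n: int, password: str) -> bytes:
    """Combine the private exponent with the hashed password; this is what key storage holds."""
    size = (n.bit_length() + 7) // 8
    raw = d.to_bytes(size, "big")
    return bytes(a ^ b for a, b in zip(raw, _keystream(password, size)))


def _extract_candidate(protected: bytes, password: str) -> int:
    """Reverse protect_private_key with whatever password was entered (may be wrong)."""
    ks = _keystream(password, len(protected))
    return int.from_bytes(bytes(a ^ b for a, b in zip(protected, ks)), "big")


# Constructed well-known message; any fixed value below n works.
WELL_KNOWN = int.from_bytes(b"well-known check message", "big")


def unlock_private_key(public_key: PublicKey, protected: bytes, password: str) -> Optional[int]:
    """Verify the password by a round trip of the well-known message; return d or None."""
    e, n = public_key
    candidate = _extract_candidate(protected, password)
    ciphertext = pow(WELL_KNOWN, e, n)           # encrypt with the public key
    if pow(ciphertext, candidate, n) != WELL_KNOWN:  # decrypt with the candidate key
        return None                               # mismatch: wrong password, key never released
    return candidate


def encrypt(public_key: PublicKey, m: int) -> int:
    e, n = public_key
    return pow(m, e, n)


def decrypt(d: int, n: int, c: int) -> int:
    return pow(c, d, n)


def change_password(public_key: PublicKey, protected: bytes, old_pw: str, new_pw: str) -> Optional[bytes]:
    """Re-protect the key under a new password only after the old one verifies."""
    d = unlock_private_key(public_key, protected, old_pw)
    if d is None:
        return None
    return protect_private_key(d, public_key[1], new_pw)


if __name__ == "__main__":
    pub, d = generate_keypair()
    stored = protect_private_key(d, pub[1], "correct horse battery")
    assert unlock_private_key(pub, stored, "correct horse battery") == d
    assert unlock_private_key(pub, stored, "guess") is None
    print("protected key verified only with the right password")
```

Because the stored blob is useless without the password, intercepting the retrieval from key storage yields nothing that decrypts a message; the defender's remaining concerns are the hash function's strength against offline guessing (a salted, iterated KDF is the practical choice) and enforcing the password rules the summary mentions.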
The above as well as additional objects, features, and advantages of the present invention will become apparent in the following detailed written description.